CompTIA
CAS-002 · Question #356
CAS-002 Question #356: Real Exam Question with Answer & Explanation
The correct answer is C: Solaris. The combination of open ports - rpcbind (111), r-services (512-514), NFS (2049), and high RPC ports - is a classic Solaris fingerprint not typically seen on Linux, Windows, or macOS.
Question
Ann, a systems engineer, is working to identify an unknown node on the corporate network. To begin her investigative work, she runs the following nmap command string: user@hostname:~$ sudo nmap -O 192.168.1.54 Based on the output, nmap is unable to identify the OS running on the node, but the following ports are open on the device: TCP/22 TCP/111 TCP/512-514 TCP/2049 TCP/32778 Based on this information, which of the following operating systems is MOST likely running on the unknown node?
Options
- ALinux
- BWindows
- CSolaris
- DOSX
Explanation
The combination of open ports - rpcbind (111), r-services (512-514), NFS (2049), and high RPC ports - is a classic Solaris fingerprint not typically seen on Linux, Windows, or macOS.
Common mistakes.
- A. Linux does not expose r-services (TCP/512-514) or high-numbered RPC ports like 32778 in a default installation, making this port profile inconsistent with a standard Linux host.
- B. Windows uses entirely different default ports such as TCP/135 (RPC Endpoint Mapper), TCP/139, and TCP/445 (SMB) and does not natively run NFS or r-services.
- D. macOS does not run legacy r-services or expose the high-numbered RPC ports seen in this profile in any default configuration.
Concept tested. nmap OS fingerprinting via open port analysis
Reference. https://nmap.org/book/osdetect.html
Community Discussion
No community discussion yet for this question.